<html><head><title>Cryptnos Help</title>
<style type="text/css">
body { font-family: Arial,Helvetica,sans-serif; font-size: 10pt; margin: 1em; padding: 1em; }
li { padding-bottom: 0.5em; }
.alert { color: red; font-weight: bold; background: #FFFFBB; }
code, pre { color: maroon; }
blockquote { background: #EEEEEE; }
</style>
</head>
<body><h1>Cryptnos Help</h1>
<p>Official Cryptnos Site: <a href="http://www.cryptnos.com/" target="_blank">http://www.cryptnos.com/</a><br />
Last Updated May 18, 2010</p>

<a name="toc"><h2>Table of Contents</h2></a>
<ul>
	<li><a href="#into">Introduction</a></li>
	<ul>
		<li><a href="#whatis">What is Cryptnos?</a></li>
		<li><a href="#whycryptnos">Why Cryptnos?</a></li>
		<li><a href="#hashes">Currently Supported Hashes</a></li>
		<li><a href="#disclaimer">Disclaimers</a></li>
	</ul>
	<li><a href="#install">Installing Cryptnos</a></li>
	<ul>
		<li><a href="#sysreqs">System Requirements</a></li>
		<li><a href="#installer">Running the Installer</a></li>
		<li><a href="#nonwin">Cryptnos on Non-Windows Platforms</a></li>
		<li><a href="#portable">Portable Cryptnos</a></li>
	</ul>
	<li><a href="#using">Using Cryptnos</a></li>
	<ul>
		<li><a href="#launch">Launching Cryptnos</a></li>
		<li><a href="#coreparams">Core Parameters</a></li>
		<li><a href="#optionalrules">Optional Rules</a></li>
		<li><a href="#rememberingsettings">Remembering Settings</a></li>
		<li><a href="#cmdbuttons">Command Controls</a></li>
	</ul>
	<li><a href="#updates">Finding Cryptnos Updates</a></li>
	<li><a href="#security">Security Considerations</a></li>
	<li><a href="#changelog">Change Log</a></li>
</ul>

<a name="intro"><h2>Introduction</h2></a>

<a name="whatis"><h3>What is Cryptnos?</h3></a>

<p>Cryptnos is a small GUI utility built using Microsoft's .NET Framework for generating strong, unique, yet repeatable passphrases using cryptographic hashes. Its original intended use was for website authentication, but it can be used for any purpose where strong passphrases are required or encouraged. Cryptnos combines an easy-to-remember token with a secret phrase known only to the user, then passes both to a selectable cryptographic hash to generate a passphrase that is seemingly random, difficult to brute-force, and impossible to regenerate without knowing both the token and the original secret.</p>
<p>In addition, Cryptnos allows the user to further refine the generated passphrase to fit additional restrictions. For example, some websites require passphrases to be within certain length constraints (say 8-12 characters) or may limit the types of characters that can be used (for example, only letters and numbers). Cryptnos will generate the hash from the original material and then apply these limits. For example, you can use a very strong SHA-512 hash, limit it to only alphanumerics, and then limit it further to only 12 characters long.  The final generated hash is suitable for copying or typing into the website's form without further modification.</p>
<p>Best of all, Cryptnos remembers the complex rules for generating each passphrase and stores it in a secure fashion in the Windows registry.  It uses both cryptographic hashes and strong AES (Rijndael) 256-bit encryption to store the rules for each passphrase in the registry, so even if the registry is copied or read by an admin, the values cannot be easily read. Of course, the final generated password requires the user's secret, which is <em><strong>NEVER</strong></em> stored, so even if the site parameters in the registry are decrypted, the final passphrase cannot be generated without social engineering or similar external means.</p>

<a name="whycryptnos"><h3>Why Cryptnos?</h3></a>

<p>Shortly after I created the <a href="http://www.gpf-comics.com/dl/winhasher/">WinHasher</a> application for generating cryptographic hashes of files on Windows, I came up with many ideas on how to tweak it. In addition to generating hashes for a file that could be used, say, to verify a download from the Internet, I also added a simple interface for comparing two or more files to see if their contents were identical. Almost as an afterthought, I added the ability to hash arbitrary text; the user could select a hashing algorithm and a character encoding then enter whatever text they wanted into a field, and WinHasher would generate the accompanying hash.</p>
<p>The idea behind the hash text feature of WinHasher was mostly to generate secure, pseudo-random passwords for Internet websites. By combining a unique "token" to identify the site (say, "gmail.com") with a "secret" token that only I would know and then passing both through a cryptographic hash, a strong random-looking password could be generated that would be unique for the given site, difficult to reverse engineer, and easy to regenerate given the same inputs. While there are already existing utilities for this purpose, including ones that plug directly into various Internet browsers, I wanted to design this myself, in part for the intellectual and programming challenge and in part in the spirit of "trust no one", eliminating reliance on external utilities that could disappear who knows when. By building my own utility, I knew it would exist as long as I deemed necessary. This password-generating "side-effect" of WinHasher quickly became the feature of the program that I used the most. That said, it was not ideally designed for that purpose.</p>
<p>In order to prevent the generated passwords from being too predictable, I had to make sure to include a "secret" portion of the plain text to "salt" the result with unknown data. Without such a salt, it would always be theoretically possible that someone could use a "rainbow table" style attack and compare the generated hash to other outputs to discover the plain text. That said, the full input into WinHasher's Hash Text function&mdash;the unique site "token" to identify the site plus the "secret"&mdash;had to be entered in visible plain text, allowing random passers-by to read the full input over the user's shoulder. In addition, I quickly found that many sites place restrictions on the contents of user passwords, including length and character class restrictions. If a site only permitted alphanumerics in a password and limited its length to twelve characters, the raw output of a SHA-1 hash in Base64 couldn't be used; it had to be further edited to remove unwanted characters. I ended up resorting to saving such generated and tweaked passwords in a text file, externally encrypted with GnuPG, to keep track of them. While the passwords themselves were strong and difficult to brute-force, the encrypted text file quickly became a bottleneck and a security risk in and of itself.</p>
<p>What I needed was something that performed all these tasks for me automatically:</p>
<p><ol>
	<li>Separate the site token and secret from each other and mask the secret with the usual password-text masking (i.e. eliminate over-the-shoulder snooping);</li>
	<li>Include the option to limit what character classes are generated (i.e. strip out non-alphanumerics if needed, etc.);</li>
	<li>Include the option to limit the number of characters in the generated password;</li>
	<li>Store all these parameters&mdash;minus the secret, which should <em>never</em> be saved&mdash;in a secure fashion so they can be automatically populated when the site token is selected from a list (i.e., I don't have to manually keep track of which options I had to tweak).</li>
</ol></p>
<p>After reviewing the requirements, I felt that there were more changes than I felt comfortable shoehorning into WinHasher to make it do something beyond its core purpose. A new application was warranted. Clearly there would be a bit of overlap and some code could be reused, but the core functionality would be essentially new. With this in mind, I began slinging around some code and Cryptnos was eventually born.</p>

<a name="hashes"><h3>Currently Supported Hashes</h3></a>

<p>Cryptnos supports the following cryptographic hashes for generating passphrases, which are made available by default through the Microsoft .NET Framework either as pure managed classes or interfaces to the unmanaged Microsoft CryptoAPI:</p>
<ul>
	<li><strong>MD5:</strong> A very common 128-bit hashing algorithm that is an Internet standard (<a href="http://tools.ietf.org/html/rfc1321">RFC 1321</a>). This is usually expressed as a 32-character hexadecimal number and was designed by Ronald Rivest in 1991 to replace an earlier hash function, MD4. In 1996 and 2004, flaws were discovered in MD5 that now make it questionable for serious security purposes. In 2009, even more devastating evidence was presented when researchers demonstrated that fake SSL certificate authorities could be generated by using signatures from legitimate CAs signing certificates using MD5. <span class="alert">Therefore, we strongly discourage the use of MD5 for any purpose where security is paramount.</span> Still, MD5 continues to be widely used, so its support is generally expected. It should be noted, however, that these flaws do not necessarily mean that using this hash for passphrase generation is a bad idea. Many products similar to Cryptnos use MD5 for password generation, which is the primary reason we do not recommend it.</li>
	<li><strong>SHA-1:</strong> Considered the successor to MD5, SHA-1 produces a 160-bit digest. It was first published in 1995 as a "correction" to the previously released and withdrawn SHA-0 algorithm. While it is generally considered more secure than MD5, several attacks against it have been published and its future use is generally discouraged. However, like MD5, its use online continues to be prevalent. SHA-1 should provide a good baseline for passphrase generation (for now).</li>
	<li><strong>SHA-256:</strong> Part of the SHA-2 family of successor algorithms to SHA-1 first published in 2001, SHA-256 generates a 256-bit digest. It is computed with 32-bit words and uses a block size of 512 bits. No known weaknesses have been found as of this writing.</li>
	<li><strong>SHA-384:</strong> This algorithm is a truncated version of SHA-512, computed with a different initial value. It produces a 384-bit digest and has no known weaknesses.</li>
	<li><strong>SHA-512:</strong> Like SHA-256, this algorithm is a SHA-2 successor to SHA-1. It produces a 512-bit digest, using 64-bit words and a block size of 1024 bits. It has no known weaknesses.</li>
	<li><strong>RIPEMD-160:</strong> This 160-bit digest algorithm was developed in Europe and first published in 1996. It was designed in the open academic community and is not known to be constrained by any patents. It is not as widely used as MD5 or the SHA family, which may have caused it to be less scrutinized. A collision was found in the original 128-bit RIPEMD algorithm in 2004, so its use should be discouraged. However, no known collision exists in RIPEMD-160.</li>
</ul>
<p>In addition, the following hashing algorithms have been added, either from freely available sources or completely written from scratch by myself:</p>
<ul>
	<li><strong>Whirlpool:</strong> This 512-bit digest algorithm was designed by Vincent Rijmen and Paulo S. L. M. Barreto. Note that this is the 2003 second revision of Whirlpool, not the original "Whirlpool-0" of 2000 or the 2001 first revision "Whirlpool-T". For hashes of data shorter than 64 bits (8 bytes = 8 ASCII characters or 4 Unicode characters) this hash function has some of the same fundamental problems of hashes like MD5 or SHA-1. Longer hashes should be relatively safe, however. The Whirlpool code used by Cryptnos is adapted from the <a href="http://www.bouncycastle.org/csharp/">Legion of the Bouncy Castle Crypto API</a>, which in turn was ported from the <a href="http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html">original Java source</a> developed by Rijmen and Barreto.</li>
	<li><strong>Tiger:</strong> This 192-bit digest algorithm was designed by Ross Anderson and Eli Biham in 1995 for efficiency on 64-bit platforms. Note that this is the original implementation of Tiger that uses padding similar to MD4, not "Tiger2" which is closer to MD5 or SHA-1. There are no known attacks against the full number of rounds of Tiger, although collisions have been detected in several reduced-round versions. The Tiger code used by Cryptnos is adapted from the <a href="http://www.bouncycastle.org/csharp/">Legion of the Bouncy Castle Crypto API</a>, which in turn was ported from the <a href="http://www.cs.technion.ac.il/~biham/Reports/Tiger">reference implementations</a> developed by Anderson and Biham.</li>
</ul>
<p>It is my eventual goal to include other cryptographic hashes into this application, either by including code from freely available sources or by writing the algorithms myself.</p>

<a name="disclaimer"><h3>Disclaimers</h3></a>

<p>Please read the <a href="gpl.html">Cryptnos license</a> for complete licensing information. Cryptnos is released under the GNU General Public License version 2, which outlines information concerning its use, redistribution, and warranties. Please read this license fully before using this application.</p>
<p>Please read the <a href="#security">Security Considerations</a> section at the bottom of this document thoroughly before using Cryptnos.</p>
<p>We consider it to be the responsibility of the user to create backups of your parameter data using the Export feature in case something goes wrong and your Windows registry is damaged or inappropriately modified. We cannot be held responsible for your failure to follow this practice. Please see the <a href="#security">Security Considerations</a> section for additional details.</p>

<p>[ <a href="#toc">Return to Table of Contents</a> ]</p>

<a name="install"><h2>Installing Cryptnos</h2></a>

<a name="sysreqs"><h3>System Requirements</h3></a>

<p>The primary system requirement for Cryptnos is the Microsoft .NET 2.0 Framework. This is a special series of common libraries that specially-built applications can call upon to provide standard Windows functionality. (Hard-core developers will recognize this is a gross oversimplification, but that should suffice for most people.) As such, Cryptnos will not work unless .NET 2.0 is installed. .NET itself has its own system requirements that must be met in order for it to be usable, but if your system meets these requirements running Cryptnos will be no problem.</p>
<p>To download the Microsoft .NET 2.0 Framework or obtain more information about it, click <a href="http://msdn2.microsoft.com/en-us/netframework/aa731542.aspx">here</a>. It should also be available through Windows Update or Microsoft Update on most versions of Windows newer that Windows 98SE. Note that .NET 3.0 or higher is <strong><em>NOT</em></strong> an "upgrade" from 2.0; it is a separate framework, designed to be installed alongside 2.0. So if you have .NET 1.1, 3.0, or any other version of the framework installed, you <em>still</em> must install .NET 2.0 for Cryptnos to work.</p>
<p>Beyond .NET's own requirements, Cryptnos doesn't require much. However, since cryptographic operations are very CPU intensive to produce, it should be noted that Cryptnos will perform better with more RAM and CPU horsepower available. Therefore, the faster your CPU is and the greater amount of free RAM available, the faster Cryptnos will work.</p>

<a name="installer"><h3>Running the Installer</h3></a>

<p>Installing Cryptnos should be a breeze, thanks to <a href="http://www.jrsoftware.org/isinfo.php">InnoSetup</a>. Simply download and run the installer program, just like you would for virtually any Windows application. To uninstall, run the uninstaller in the Cryptnos portion of the Start menu. The uninstaller will give you the option to remove all saved settings if you decide to complete remove the program. Note, however, that this operation cannot be undone, so if you plan to reinstall Cryptnos, you should leave your settings in place or export them prior to uninstalling the application.</p>

<a name="nonwin"><h3>Cryptnos on Non-Windows Platforms</h3></a>

<p>One of the beauties about using the .NET Framework to develop Cryptnos is that it's technically not restricted to Microsoft Windows. Anyone can (in theory) develop their own .NET framework based on Microsoft's specifications to run on any platform, and thus run any .NET application built for that framework. <a href="http://www.mono-project.com/">Mono</a> is one such project which runs .NET client and server applications on Linux, Solaris, Mac OS X, Windows, and Unix. However, at the time of this writing, Mono mostly supports .NET 1.1 and only partially supports .NET 2.0. <a href="http://www.mono-project.com/Moma">MoMA</a> reports that Cryptnos should work with Mono 2.2 (or higher, I assume). However, I do not plan to officially offer support for non-Windows use of Cryptnos.</p>
<p>The one place where Cryptnos is dependent on Windows functionality is that it stores its parameter information to the Windows registry. I have no idea what sort of support Mono has for this functionality. However, most of this can be skipped by unchecking the <strong>Remember parameters</strong> checkbox; the trade-off, of course, is that you will need to remember all your site parameters yourself..</p>

<a name="portable"><h3>Portable Cryptnos</h3></a>

<p>Cryptnos is not designed to be used as a "portable" app, or one that can be placed on removable media (such as a USB memory stick) and transfered cleanly from machine to machine. This is due in large part to the severe security implications of moving your passwords from one machine to another. Cryptnos should only ever be run on a system that you own and trust, one that you can reasonably guarantee to be free of viruses, malware, or surreptitious logging. To use a password generator on a system you do not trust is not only counterintuitive, but extremely dangerous. Therefore the use of Cryptnos as a portable app is <em>strongly</em> discouraged, and we no longer provide instructions on how to do so. We apologize for any inconvenience this may cause.</p>
<p>If you would like to move your parameter data from one trusted machine to another, you can always use the <strong>Export</strong> and <strong>Import</strong> features. Cryptnos export files are always encrypted, so they should be safe to move from place to place. See the <a href="#cmdbuttons">Command Controls</a> section below for import and export information.</p>

<p>[ <a href="#toc">Return to Table of Contents</a> ]</p>

<a name="using"><h2>Using Cryptnos</h2></a>

<a name="launch"><h3>Launching Cryptnos</h3></a>

<p>When Cryptnos opens, it creates a small window with a series of controls. These controls are grouped into four main sections: <a href="#coreparams">Core Parameters</a>, <a href="#optionalrules">Optional Rules</a>, <a href="#rememberingsettings">Remembering Settings</a>, and <a href="#cmdbuttons">command buttons</a>.</p>

<a name="coreparams"><h3>Core Parameters</h3></a>

<p>The <strong>Core Parameters</strong> group contains the most important controls on the form, without which Cryptnos would be useless. In consists of the <strong>Site name</strong> combo-box, the <strong>Passphrase</strong> field, the <strong>Generate</strong> button, and the <strong>Password</strong> result text box.</p>
<p>The <strong>Site name</strong> combo-box contains the list of site "tokens" which will be combined with the "secret" to generate the resulting passphrase. What goes into this box is entirely up to you; the intended and suggested use is to put the domain name of the site you wish to generate the passphrase for (e.g. "gmail.com"). This (a) makes the passphrase unique for each site and (b) should be easy to find and remember. However, as long as the "site" is a string that is unique per passphrase and easy enough for to identify, it can be whatever you want. In my own usage, drawing from Cryptnos' WinHasher heritage, I often used abbreviations or little mnemonics for sites rather than domain names, just to make it easier to type.</p>
<p>By default, the <strong>Site name</strong> box is a combo-box, meaning it can be both an editable text box and a drop-down list. To add a new site, enter the site token into the box like any ordinary text. Once you generate a passphrase for that site, it will be added to the drop-down list so it can be selected later. The behavior of this box changes slightly with the checkboxes in the <a href="#rememberingsettings">Remembering Settings</a> group. If the <strong>Remember parameters</strong> checkbox is unchecked, the drop-down portion is cleared and Cryptnos will not remember site parameters when the <strong>Generate</strong> button is pressed. If the <strong>Lock parameters</strong> checkbox is checked, the <strong>Site name</strong> box becomes a read-only drop-down list; new items cannot be added and only existing sites can be selected.</p>
<p>The <strong>Passphrase</strong> text box is where you should enter your "secret" token. Like most Windows password controls, what you type here is masked so people cannot read over your shoulder what you type. Note, however, that observers can still see how <em>long</em> your secret is by counting the number of masking characters. Therefore, your secret should always be long and pseudo-random, just like any other passphrase. You cannot copy text out of this field, but you <em>can</em> paste.</p>
<p>Once you have entered or selected your site token and typed in your passphrase, the <strong>Generate</strong> button combines these values, hashes them, and applies any of the <a href="#optionalrules">optional rules</a> you have set. The resulting passphrase is placed in the read-only <strong>Password</strong> text box. If the <strong>Remember parameters</strong> checkbox is checked and the <strong>Lock parameters</strong> checkbox is unchecked (i.e. the default), clicking the <strong>Generate</strong> button also saves the site parameters&mdash;the site token and any optional rules&mdash;to the Windows registry. (The secret passphrase is <em>never</em> saved, nor is the generated passphrase.) If the <strong>Copy password to clipboard</strong> checkbox is checked, the new password is also copied directly to the system clipboard.</p>

<a name="optionalrules"><h3>Optional Rules</h3></a>

<p>The <strong>Optional Rules</strong> group contains additional controls that let you refine the passphrase you generate. As described in the <a href="#whycryptnos">Why Cryptnos?</a> section, sometimes the default settings will not generate a passphrase that you want or can use. Modifying these settings can let you use stronger hashes, limit the type of characters to use, or limit the number of characters to generate.</p>
<p>The <strong>Hash algorithm</strong> drop-down allows you to select which <a href="#hashes">cryptographic hash</a> to use when generating your passphrase. The default is SHA-1. You may, however, prefer to use a stronger or weaker hash for various reasons. For example, stronger hashes such as SHA-512 produce very long strings that may be impractical as a passphrase. However, SHA-1 has weaknesses that SHA-512 does not, so the stronger hash may in theory produce a better passphrase. If the generated passphrase is too long, you can always refine the result with additional rules. That said, stronger hashes take longer to generate; if speed is important to you, weaker hashes like MD5 or SHA-1 will give you results faster. Which hash you use is entirely up to you, but we recommend that you use the strongest hash that is practical for you. Using different hashes for different sites may also be a good idea, as this makes it harder for an attacker to guess which hash has been used.</p>
<p>The <strong>Perform this hash <em>x</em> times</strong> box instructs Cryptnos to perform the selected cryptographic hash a set number of times. This value must be a whole number greater than zero (i.e., positive integers), with a default value of one. In other words, if the value is one, Cryptnos will run the core parameters through the hash once and return the result (after other optional rules have been applied). If the value is two, it will hash the core parameters once, then pass the result of that hash back through the hash algorithm again before returning the result. The more iterations of the hash that are performed, the further away the result will be from the original parameters, making it harder for an attacker to guess the inputs. Once is usually enough (which is why it is the default), but multiple iterations can provide a slightly higher level of security. The trade off, however, is that multiple iterations take longer to generate the password, which could be a problem for slower computers.</p>
<p>Starting with Cryptnos 1.1, you will now receive a warning if you set a number of hash iterations greater than 500. This is because versions of Cryptnos on other platforms (in specific, Google Android) are capped at this value for performance reasons. Thus, if you create a set of parameters that includes an excessively high number of hash iterations, it may not be compatible with other versions of Cryptnos outside of .NET. We don't want to prevent you from setting such a high value, and we certainly don't want to break the passwords of anyone who has already done so, but you should be made aware that this incompatibility exists. 500 iterations should be more than enough for most people (the WPA standard for WiFi encryption uses 400) and should not significantly impact the performance of Cryptnos for Windows nor compromise your security.</p>
<p>The <strong>Character class ("Use...")</strong> drop-down lets you limit the generated passphrase to certain subsets of characters. Some sites may restrict you to certain character classes, such as only alphanumerics (i.e., letters and numbers). Cryptnos uses the Base64 encoding scheme to generate many pseudo-random-looking characters. Base64 output includes additional characters (the plus sign (+), the forward slash (/), and the equal sign (=)) that a site may reject in a passphrase. By tweaking this setting, you can tell Cryptnos to exclude certain characters from the generated passphrase and then remember your settings for future use. The options currently available are:</p>
<p><ul>
<li><strong>all generated characters</strong>, i.e. use the complete Base64-encoded output of the hash;</li>
<li><strong>alphanumerics plus underscores</strong>, remove all non-alphanumeric (i.e. anything that isn't a letter or number) characters except underscores;</li>
<li><strong>alphanumerics, change others to underscores</strong>, convert non-alphanumerics to underscores;</li>
<li><strong>alphanumerics only</strong> (upper and lower case letters plus numbers);</li>
<li><strong>alphabetic characters only</strong> (upper and lower case letters, no numbers);</li>
<li><strong>numbers only</strong> (no letters).</li>
</ul></p>
<p>The <strong>Use only the first <em>x</em> characters</strong> box allows you to limit the generated passphrase to a specified length. For example, if a given site sets a maximum password length of twelve characters, you can put "12" (sans quotes) into this box and your generated passphrase will be at most twelve characters long. The value in this box must be a whole number greater than one (i.e., positive integers); anything else will generate an error. If you do not wish to place a limit on the number of characters, leave this box empty. Note that it is theoretically possible to get <em>less</em> than the number of characters you specify here, depending on your other settings. For example, if the cryptographic hash produces less characters than your character limit, or if the character class restriction removes so many characters than the result is less than your limit, you can end up with fewer characters than what you specify. If that's the case, try tweaking the other settings (i.e. choose a longer hash or don't restrict the character classes as much) until the result is as long as you want.</p>
<p>These four settings are applied in the order shown on the form. When the <strong>Generate</strong> button is pressed, the values in the <strong>Site name</strong> and <strong>Passphrase</strong> boxes will be combined and hashed using the hash selected in the <strong>Hash algorithm</strong> box for the number of iterations specified by the iteration count box. Next, any character class restrictions are applied, potentially reducing the available characters. Finally, the character limit restriction is applied. After all of these restrictions are performed, the result is placed in the <strong>Password</strong> text box.</p>

<a name="rememberingsettings"><h3>Remembering Settings</h3></a>

<p>This control group governs whether or not Cryptnos remembers your parameter settings. It also provides a means to "forget" or clear one or all of your stored settings.</p>
<p>By default, the <strong>Remember parameters</strong> checkbox is checked. This means that every time you press the <strong>Generate</strong> button, in addition to generating the passphrase for the site in the <strong>Site name</strong> box, all of the core and optional parameters for generating that passphrase&mdash;with the exception of the secret passphrase&mdash;are stored in the Windows registry in a secure fashion. (See the <a href="#security">Security Considerations</a> section below.) This also adds the site token to the drop-down portion of the <strong>Site name</strong> box so it can be selected again later. If you select a given site in the <strong>Site name</strong> drop-down, all its parameters are read from the registry and the core and optional parameters are populated in the appropriate controls, so clicking the <strong>Generate</strong> button will generate the exact same passphrase as before.</p>
<p>If you uncheck the <strong>Remember parameters</strong> checkbox, you will get a warning message informing you that proceeding will completely erase your site parameters. If you decide to cancel, no changes will be made. However, if you choose to continue, all of your site parameters will be removed from the registry and the <strong>Site name</strong> drop-down list will be cleared. <em>Note that this action cannot be undone, so be sure that this is what you want to do before proceeding!</em> Clicking the <strong>Generate</strong> button will not store your parameters to the registry as long as this checkbox is cleared. You can restore the default operation by checking this box again, but you will not be able to restore any settings that were cleared while the box was unchecked unless they were exported via the <strong>Export</strong> feature first.</p>
<p>Next to the <strong>Remember parameters</strong> checkbox is the <strong>Lock parameters</strong> checkbox. If the <strong>Remember parameters</strong> checkbox is cleared, the <strong>Lock parameters</strong> checkbox becomes unchecked and disabled, so you cannot use it. If the <strong>Remember parameters</strong> checkbox is checked, however, the <strong>Lock parameters</strong> checkbox becomes enabled. If this box is checked, all site parameters become locked and you will be unable to add, remove, or change any of your site parameters. You can use this as a protection mechanism for day-to-day use to protect your saved parameters from typing and mouse mistakes. (Remember, when <strong>Remember parameters</strong> is checked, any time you click the <strong>Generate</strong> button the parameters are saved to the registry, even if you make a mistake.) In this mode, the following controls become disabled and/or read-only:</p>
<p><ul>
<li>The <strong>Site name</strong> becomes a read-only drop-down list where site tokens can be selected but not changed;</li>
<li>All of the <a href="#optionalrules">Optional Rules</a> controls become disabled (although they will still be populated correctly when the site name changes);</li>
<li>The <strong>Remember parameters</strong> checkbox and <strong>Forget</strong> and <strong>Forget All</strong> buttons become disabled;</li>
<li>The <strong>Import</strong> button becomes disabled.</li>
</ul></p>
<p>While <strong>Lock parameters</strong> is checked, generating passphrases works as usual, except that you cannot enter any new site tokens in the <strong>Site name</strong> box and you cannot change any of the optional rules. Thus, it can be handy for regenerating passphrases you've already used before without exposing them to fat-fingering. Clicking the <strong>Generate</strong> button generates the passphrase, but the site parameters are not overwritten in the registry. If you need to add, remove, or modify any of your saved sites, you can restore Cryptnos to its default state by unchecking this box and the controls listed above will become re-enabled.</p>
<p>Below these two checkboxes are two buttons. The <strong>Forget</strong> button will erase the saved site parameters for whatever site token is currently in the <strong>Site name</strong> box. A confirmation dialog will let you double-check this action before it is done, since erasing a site cannot be undone. If you would like to quickly erase <em>all</em> of your saved site parameters, the <strong>Forget All</strong> button will do just that, also forcing you to confirm the action before performing it. These buttons will become disabled if the <strong>Lock parameters</strong> checkbox is checked or if there are no saved sites to "forget".

<a name="cmdbuttons"><h3>Command Controls</h3></a>

<p>At the bottom of the form, outside the control groups listed above, are a series of common controls.</p>

<p>The <strong>Show tooltips help</strong> checkbox turns on and off the tooltip-based help system. By default, this system is turned on and hovering your mouse over any control on the form provides additional information on what that field is for and how it should be used. Over time, however, you will likely become familiar with the usage of the application and these tooltip will probably just get in your way. They are very useful for beginners, but they can become annoying pretty quickly. This checkbox will allow you to turn them on and off whenever they are needed. Cryptnos will remember this setting whenever you close the program.</p>
<p>The <strong>Copy password to clipboard</strong> checkbox has been added in Cryptnos 1.1. It replicates a behavior added to Cryptnos for Android 1.0. When checked, clicking the <strong>Generate</strong> button not only generates the new password, but also copies that password to the system clipboard. During our testing, we found that the most common thing users did after generating their new passwords was to copy them to the clipboard so they could paste them into whatever form they needed to authenticate with. This setting saves you this extra step by putting the password directly to the clipboard as soon as it is created. However, this has some security implications as malware can always read the system clipboard and potentially see the password. To protect against this attack and to remain compatible with the original behavior of Cryptnos 1.0, this setting is turned off by default. Cryptnos will remember this setting whenever you close the program.</p>
<p>The <strong>Import</strong> and <strong>Export</strong> buttons allow you to export any saved parameters to a file and import them back in again. This comes in handy for maintaining external backups of your parameter data or if you need to maintain your site parameters among multiple machines, where each has an instance of Cryptnos installed. Cryptnos export files are <em>always</em> encrypted using strong AES (Rijndael) 256-bit encryption keyed to a passphrase you enter at the time of export. Note that the <strong>Export</strong> button becomes disabled if there are no saved parameters in the registry, while <strong>Import</strong> becomes disabled if the <strong>Lock parameters</strong> checkbox is checked.</p>
<p>To export your parameters, you must have saved parameters to export. Make sure the <strong>Remember parameters</strong> checkbox is checked. (The state of the <strong>Lock parameters</strong> checkbox is irrelevant to exports.) Generate your list of site parameters, making sure to press the <strong>Generate</strong> button after each one to ensure that the parameters are saved to the registry. To begin the export, click the <strong>Export</strong> button. A dialog box will appear that will allow you to choose whether to export some or all of your parameters. You may want to export all of them to backup your settings or to copy them all to another machine, while exporting some is useful when you want to export only parameters you've changed recently, or if you want to export a subset of your list for a trusted friend or colleague. If you choose to export some of your parameters, you can select multiple items in the list box by using a Shift-click or Control-click, which is a standard Windows command sequence. Once you've selected the sites to export, you will be prompted to enter a passphrase twice to ensure that you don't accidentally mistype it. As with all passphrases, make sure to pick something long, strong, and pseudo-random for the best protection. If both passphrases match, you will be prompted for a file name and save location. You can name your file whatever you wish so long as you can remember what the file's name is; for example, you can "hide" the file in plain site by giving it an MP3 or JPG extension. Applications that normally read these files will complain that the file is corrupted or invalid, but that isn't a problem. The export process may be cancelled at any time by clicking any of the Cancel buttons along the way.</p>
<p>To import a set of parameters, make sure the <strong>Remember parameters</strong> checkbox is checked and the <strong>Lock parameters</strong> checkbox is unchecked. Click the <strong>Import</strong> button. A warning dialog will appear, informing you that if the import file contains an entry for a site that is in your current list of parameters, the parameters in the import file will overwrite the settings currently in the registry. If you choose to proceed, you will be prompted for the import file's location, then for the file's passphrase. If the passphrase is correct and the file is a valid Cryptnos export file, the parameters will be decrypted, read, and loaded into the Cryptnos registry location.</p>
<p>Please note that the export format has changed with Cryptnos 1.1. Previously, Cryptnos for Windows used an export format that was incompatible with versions of the program on other platforms, such as Java or Google Android. This has now changed, and Cryptnos 1.1 and later exports in a new cross-platform compatible format. This format is still encrypted as before, but it now shares a common internal format that other versions on other platforms can read. This does mean, however, that if you export your parameters from Cryptnos 1.1 or later, you cannot import those parameters back into Cryptnos 1.0. In contrast, Cryptnos 1.1 and later can still read the original Cryptnos 1.0 export format, so your old export files can still be imported. We do recommend, however, that you re-export in the new format as an additional safety measure.</p>
<p>The last two buttons provide common functions you are likely already familiar with. The <strong>About</strong> button displays a small dialog box listing the Cryptnos version, copyright, a home page link, and a brief license statement. The <strong>Close</strong> button will close the Cryptnos application. If the <strong>Remember parameters</strong> checkbox is checked and the <strong>Lock parameters</strong> checkbox is unchecked, closing Cryptnos will make sure that the last generated site parameters are also stored in the registry.</p>

<p>[ <a href="#toc">Return to Table of Contents</a> ]</p>

<a name="updates"><h2>Finding Cryptnos Updates</h2></a>

<p>Beginning with version 1.1, Cryptnos now includes a small bit of code that checks for updates to the application. When it comes to security products, making sure you have the latest version is very important as updates may contain security patches and bug fixes that may affect the security of your data. Once per week, Cryptnos will contact the official Cryptnos website to see if a newer version is available. This check will occur in the background so it should not interrupt your current workflow. If a new version is found, you will be asked if you would like to download and install the new version. If no new update is found or if an error occurs during the check (i.e., you are not connected to the Internet, the update feed is invalid, etc.), the update check process will silently close. Thus, you never have to worry about being interrupted unless a new update is actually found.</p>
<p>The update checker will only download a specially formatted XML file, validate it, and if an update has been found, optionally download the installer executable. No personally identifiable information will be shared with the Cryptnos server during this update check process. The only information we will be able to see will be your IP address, which is required for all Internet communication. No other information will be sent to the Cryptnos server, including the current of Cryptnos you have installed. Your privacy is very important to us, and we do not want the extra burden of logging information we do not want or need.</p>
<p>For the truly paranoid, very advanced users who do not wish for this check to be performed at all, you may disable the update check by adding the registry key <code>DisableUpdateCheck</code> with a <code>REG_DWORD</code> value of 1 within the registry key <code>HKCU\Software\GPF Comics\Cryptnos</code>. There is no user interface option for this check; it requires a manual registry edit. This is because we strongly discourage disabling this check unless you have a very important reason for doing so. Modifying the registry is considered an advanced topic that is extremely dangerous and beyond the scope of this document. Extreme caution should be taken if you decided to disable this feature and we cannot be held responsible for any loss of data or damage to your system if you decide to do so.</p>

<p>[ <a href="#toc">Return to Table of Contents</a> ]</p>

<a name="security"><h2>Security Considerations</h2></a>

<p>Since Cryptnos is designed to generate strong, pseudo-random passphrases, security should be a paramount concern for both you and us. It would be safe to assume that if you're considering Cryptnos for your passphrase generation needs, you likely have deep concern for the protection of your data and account credentials. Fortunately, Cryptnos is right behind you, protecting your data as best it can.</p>
<p>Whenever possible, Cryptnos encrypts any data it stores to protect its contents. For saved parameter information, site tokens are hashed using a one-way, irreversible cryptographic hash to prevent the token from being guessed by just looking at the registry keys. This hash includes the user's login name and the machine name as part of the salt, meaning that the hash value will be unique for every user/machine combination. When the site parameters are stored to the registry, they are encrypted using 256-bit AES encryption and stored as a binary "blob" of data. The parameters cannot be recovered, even by the machine's administrator, without incredible brute-force attacks.</p>
<p>During export, site parameters are again encrypted using AES, this time keyed to a passphrase entered by the user during the export process. The same passphrase is required during import, protecting the data from unauthorized access. The passphrase used for export and import is <em>never</em> saved.</p>
<p>In all cases, any time the site parameters are stored, the user's secret passphrase is <em>never</em> stored. Thus, even if an attacker somehow managed to break the encryption protecting your parameter data, they would never have <em>all</em> of the elements required to generate the final passphrase. As such, the secret becomes the most import part of your parameter information and should be the most closely guarded. It should never be written down or stored anywhere, and you should be wary of potential social engineering attacks by which an attacker may trick or coerce you into revealing your passphrase.</p>
<p>Of course, for the <em>truly</em> paranoid, you can always uncheck the <strong>Remember parameters</strong> checkbox and Cryptnos will remember nothing of your site parameters. Nothing will be written to the Windows registry and, by consequence, nothing can be imported or exported. This of course requires you to know your site token, secret passphrase, and optional parameters for every passphrase your generate. This is certainly the most restrictive and secure mode to operate in, but the least convenient.</p>
<p>For the <em>extremely</em> paranoid, you should never use the generated passphrase <em>exactly</em> as it appears. You can add yet another layer of security by slightly modifying the generated passphrase before using it at the target site. For example, you could generate a passphrase and then transpose the first three characters, rotating them so the second becomes the first, the third becomes the second, and the first becomes the third. Then if an attacker somehow managed to break all the layers of encryption protecting your parameters as well as socially engineer your secret passphrase from you, they will not be able to use any generated passphrases as is. Such an added step may seem pointless or cumbersome, but definitely adds another layer of complexity that vastly improve the overall security of your logins.</p>
<p>Cryptnos should never be used to generate passphrases on a computer which you do not control or trust. Any computer can be compromised by viruses, trojans, keyloggers, or any number of other forms of malware. Keyloggers can scan everything you type, including your secret passphrase. Some malware takes screenshots of items on the screen, which may include your site token and your generated passphrase. Any program that compromises the system memory can read the memory addresses of other programs, which may include any site token, secret, or generated passphrase used by Cryptnos. And while a security conscious computer user can taken plenty of precautions to ensure that their own system remains secure, you should <em>never</em> trust a publicly accessible system or other computer that you cannot guarantee its security.</p>
<p>.NET includes a <code>SecureString</code> class that encrypts text data whenever it is stored in memory and attempts to lock it into memory to prevent it from being swapped out into the system's virtual memory page file. While it would certainly be possible for us to use this functionality in Cryptnos, careful consideration of the facts reveals that this "protection" isn't very useful. For one thing, the controls on the Cryptnos window that display your inputs and generated passphrase cannot use the <code>SecureString</code> class; they can only use the normal <code>String</code> class, which offers no protection at all. Thus, in order to display your inputs and generated passphrase, this data must be converted from a <code>SecureString</code> to a <code>String</code>, completely negating any protection the <code>SecureString</code> may have offered. There has also been criticism concerning the <code>SecureString</code> implementation that implies that some of its protection mechanisms (namely preventing the data from being swapped to the hard disk) do not offer the protection they claim. Thus, you should be aware that Cryptnos does <em>not</em> use this mechanism to protect its data and in theory <em>any</em> process that runs on the machine <em>may</em> be able to read these values from memory. Thus, you should only use Cryptnos on a "trusted" system as described above.</p>
<p>Serious crypto-heads should take note that the AES encryption used by Cryptnos uses an initialization vector (IV) that is programmatically generated rather than being truly random. There are two reasons for this decision. The first, with respect to saving the site parameters to the registry, the IV would need to be stored somewhere on the system in order for it to be used later to retrieved the saved data. Storing the IV in the registry would be counterproductive (similar to storing the combination to a safe under the safe's foot), and saving it to disk would simply be transferring the problem somewhere else (storing the safe combination in the unlocked desk drawer nearby). On the second item, concerning the export/import process, the IV must be something that may be generated on multiple machines; if you are moving your parameters from one machine to another, you will obviously want to decrypt the data to import it. A truly random IV would be difficult to deal with in this case, and the user would be required to enter it as well as the passphrase to decrypt the import. Thus, despite the fact that a truly random or pseudo-random IV would offer far superior protection for this encrypted data, we instead use a generated IV in our encryption methods. This IV is generated using various cryptographic hashes, salts, and similar data, so we consider it to be "good enough" for most circumstances. However, we point this distinction out so you can decide for yourself if "good enough" is good enough for your personal needs.</p>
<p>Because of the nature of this application, it is strongly recommended that you create a full backup of your site parameters (via the Export feature) any time you make a change. For the highest level of protection, this backup should be stored in a safe place external of your machine, even though the data is encrypted. Any number of events may occur to destroy or attempt to modify your saved parameters, such as virus or malware infections, catastrophic hard disk failures, or even malicious (or incompetent) system administrators. Even a change as simple as changing your Windows login user name or the machine's network name may render your parameters useless, since these items are used (along with several other things) to seed encryption keys and hashes when storing your data. Therefore, a redundant, external, independently encrypted copy of your parameters should be maintained at all times in order to restore your parameters should they become destroyed or unusable. We consider this to be the user's responsibility and we cannot be held responsible for your inability or unwillingness to keep such a backup.</p>
<p>See the <a href="#updates">Finding Cryptnos Updates</a> section above for details on how to keep your installation of Cryptnos up-to-date. Also see the <a href="#portable">Portable Cryptnos</a> section for reasons why running Cryptnos as a portable app is strongly discouraged.</p>

<p>[ <a href="#toc">Return to Table of Contents</a> ]</p>

<a name="changelog"><h2>Change Log</h2></a>

<ul>
<li><strong>Version 1.0:</strong>
<ul>
<li>Initial release</li>
</ul>
<li><strong>Version 1.1:</strong>
<ul>
<li>Introduced cross-platform export format. Exports from this version onward should now be readable by compatible versions of Cryptnos on other platforms (Java, Google Android, etc.). Read-only support for original export format is still included, but new export format is not backward compatible.</li>
<li>Added the <strong>Copy password to clipboard</strong> checkbox. When checked, clicking the <strong>Generate</strong> button now copies the generated password to the system clipboard, a behavior introduced in Cryptnos for Android 1.0. The default is unchecked, which replicates the behavior of Cryptnos for Windows 1.0.</li>
<li>Added update check feature that checks the Cryptnos site periodically to see if there are newer versions of the application available.</li>
<li>Minor improvements to UI appearance and error checking.</li>
<li>Added Legion of the Bouncy Castle Crypto API license information to the About dialog, in addition to the GPL 2 license info specific to Cryptnos that was already there.</li>
</ul>
</li>
</ul>

<p>[ <a href="#toc">Return to Table of Contents</a> ]</p>

<p>This document is &#169; Copyright 2010, Jeffrey T. Darlington. It and the software it describes are released under the <a href="gpl.html">GNU General Public License, Version 2</a>.</p>
</body></html>
